Exim has released an update to fix up to 21 important security bugs in its mail server application

May 5, 2021 12:52 GMT

Multiple critical vulnerabilities have been discovered in the Exim email server software by the Qualys Research Team. Some of these flaws can be chained together to achieve full remote unauthenticated code execution and root privileges. 

Exim is a widely used mail transfer agent (MTA) that even comes pre-installed on some Linux distributions. It is estimated that roughly 60% of Internet mail servers run Exim.

The wide availability of Mail Transfer Agents over the Internet makes them an attractive target for hackers. Once an MTA is accessed, sensitive settings on the mail server can be altered, which permits the creation of new accounts on the target server.

The bugs, dubbed '21Nails,' include 11 vulnerabilities that require local access to the server and ten others that can be exploited remotely. Qualys discovered the problems and let the Exim developers know on October 20, 2020.

Attackers can take full control of the target server 

If these vulnerabilities are successfully exploited, a remote attacker might gain full root privileges on the target server and run commands to install programs, change data, and create new accounts. The security flaws have been independently verified by security researchers from Qualys, who created exploits to gain complete root access.

Given the recent Microsoft Exchange server breaches, it's critical that the patches are applied as soon as possible, as email servers have become a lucrative target for espionage campaigns.

Cybercriminals have previously used vulnerabilities in Exim software to launch several attacks, including using a Linux worm to install cryptocurrency miners on affected servers.